Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/1-WmgkbcE_n3T_O4Z-fYgGpO-TKU.roa
File:                     1-WmgkbcE_n3T_O4Z-fYgGpO-TKU.roa (raw, json)
Hash identifier:          N6RTXsUte6EnEmVpdl8+O7PjdZvUYcdvbR12PkrfPb8=
Subject key identifier:   F9:69:A0:91:B7:04:FE:7D:D3:FC:EE:19:F9:F6:20:1A:93:BE:4C:A5
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       018CD49032250FB81241CE8804E10EF59D50
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/1-WmgkbcE_n3T_O4Z-fYgGpO-TKU.roa
Signing time:             Thu 04 Jan 2024 13:01:08 +0000
ROA not before:           Thu 04 Jan 2024 13:01:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210644
IP address blocks:        91.108.240.0/24 maxlen: 24
                          91.108.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d4:90:32:25:0f:b8:12:41:ce:88:04:e1:0e:f5:9d:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Jan  4 13:01:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f969a091b704fe7dd3fcee19f9f6201a93be4ca5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a6:37:c8:a9:c8:24:7e:69:32:19:c6:28:d6:
                    a7:b5:69:4b:ab:dd:20:c4:c9:41:7b:cc:03:0b:31:
                    ab:fa:24:fa:94:95:a6:85:6c:1e:f4:51:4e:6c:59:
                    6f:a8:b1:51:72:93:d0:fb:06:ba:22:dc:5e:31:3c:
                    85:f7:28:87:39:c4:d0:ca:61:3c:18:c4:d2:28:db:
                    dc:2f:6f:45:6c:03:03:09:19:b6:93:25:d8:77:03:
                    c4:33:15:44:a7:a7:f7:77:94:d5:47:ba:4d:b6:da:
                    13:08:19:b2:8c:7c:e6:c9:fa:7d:c8:89:e3:47:2a:
                    9e:8d:72:ef:b2:05:3e:d1:6b:7b:c3:f2:fa:f5:7a:
                    31:42:29:16:11:41:b4:7b:ec:3b:f8:5c:b0:81:e9:
                    cd:6f:0c:00:ee:8f:35:d5:12:d2:3a:5e:6e:3d:e3:
                    ab:0e:33:f6:2c:ec:76:c0:9d:e8:f1:24:e8:b0:e0:
                    77:9b:01:bf:5f:25:13:40:c9:a0:ef:91:ff:fb:07:
                    cf:05:fe:5a:36:4d:2c:8b:c6:c3:e3:e2:44:2f:b8:
                    6a:90:e9:e0:25:0e:88:88:53:3f:cd:58:1f:6b:eb:
                    a3:5f:4a:48:4d:6e:d5:66:d9:2f:80:c6:7a:86:0e:
                    3c:1a:ae:47:08:d9:5e:c8:4e:53:fd:32:a0:e9:76:
                    d5:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:69:A0:91:B7:04:FE:7D:D3:FC:EE:19:F9:F6:20:1A:93:BE:4C:A5
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/1-WmgkbcE_n3T_O4Z-fYgGpO-TKU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ae:71:5b:c1:d9:2c:17:18:65:ac:df:2a:d7:7f:09:af:29:6f:
         5d:22:a0:80:35:ec:2b:7d:56:6a:c5:f5:fc:d8:b9:13:3b:24:
         b7:98:9e:00:c6:4c:ae:27:bc:33:62:86:28:22:b9:91:56:9e:
         00:af:1b:86:f9:4a:25:2f:b3:e3:e4:74:c6:75:b2:15:21:80:
         ed:93:14:41:99:94:58:5e:5b:b6:82:f1:18:09:e5:6e:e8:c7:
         9a:8d:aa:b1:b4:1c:83:8d:4f:22:aa:6c:b6:a5:7d:19:56:c8:
         a1:53:fc:ee:27:8d:0f:7c:2d:11:03:5b:49:01:5c:8b:e3:82:
         a0:bb:31:c9:71:de:62:ca:23:bf:41:19:a6:52:28:98:7f:da:
         06:8b:11:fd:05:de:d1:22:2f:0c:94:eb:e0:4e:35:47:50:e8:
         9f:26:68:ac:b5:8f:a6:ad:08:21:71:c3:b1:99:57:7d:0b:6f:
         2d:7b:d9:f4:fe:16:e3:2c:e8:ce:89:89:4f:0b:5c:4b:22:f6:
         bb:4e:e8:86:04:4f:e7:3f:fe:e5:26:67:fc:35:54:86:be:25:
         4e:22:60:23:e6:33:75:08:88:ca:33:96:15:c7:7c:a6:0a:68:
         1c:db:27:aa:d1:01:f4:6b:77:47:8e:5c:fe:6a:05:dd:d6:22:
         dd:d0:3a:7c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzUkDIlD7gSQc6IBOEO9Z1QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjQwMTA0MTMwMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTY5YTA5MWI3MDRmZTdkZDNmY2VlMTlmOWY2MjAxYTkzYmU0Y2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6Y3yKnIJH5pMhnGKNantWlLq90g
xMlBe8wDCzGr+iT6lJWmhWwe9FFObFlvqLFRcpPQ+wa6ItxeMTyF9yiHOcTQymE8
GMTSKNvcL29FbAMDCRm2kyXYdwPEMxVEp6f3d5TVR7pNttoTCBmyjHzmyfp9yInj
RyqejXLvsgU+0Wt7w/L69XoxQikWEUG0e+w7+FywgenNbwwA7o811RLSOl5uPeOr
DjP2LOx2wJ3o8STosOB3mwG/XyUTQMmg75H/+wfPBf5aNk0si8bD4+JEL7hqkOng
JQ6IiFM/zVgfa+ujX0pITW7VZtkvgMZ6hg48Gq5HCNleyE5T/TKg6XbVXwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPlpoJG3BP590/zuGfn2IBqTvkylMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvMS1XbWdrYmNFX24zVF9PNFotZllnR3BPLVRLVS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTQvNzBhYTMyLTk2MDctNGRiNy04ZjFlLWRhNzU0MzBiMTZm
Ni8xL3d1NUZRbTRTNVFfakRvXzhPZUJFaGRqM016ay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVts8DAN
BgkqhkiG9w0BAQsFAAOCAQEArnFbwdksFxhlrN8q138JrylvXSKggDXsK31WasX1
/Ni5Ezskt5ieAMZMrie8M2KGKCK5kVaeAK8bhvlKJS+z4+R0xnWyFSGA7ZMUQZmU
WF5btoLxGAnlbujHmo2qsbQcg41PIqpstqV9GVbIoVP87ieND3wtEQNbSQFci+OC
oLsxyXHeYsojv0EZplIomH/aBosR/QXe0SIvDJTr4E41R1DonyZorLWPpq0IIXHD
sZlXfQtvLXvZ9P4W4yzozomJTwtcSyL2u07ohgRP5z/+5SZn/DVUhr4lTiJgI+Yz
dQiIyjOWFcd8pgpoHNsnqtEB9Gt3R45c/moF3dYi3dA6fA==
-----END CERTIFICATE-----